The SitePoint Forums have moved.

You can now find them here.
This forum is now closed to new posts, but you can browse existing content.
You can find out more information about the move and how to open a new account (if necessary) here.
If you get stuck you can get support by emailing forums@sitepoint.com

If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Is .htaccess the best way to secure a folder?

Hey guys,

I am using a CMS, and I can restrict access to pages of my website etc quite easily. But I also want to restrict access to folders. I know this can be done using .htaccess, but is it the best solution? And if I want to link something from one of these folders, does the code need the password? If so how would that work?

If you are unable to create the folder above the folder where your CMS exists, the .htaccess is a good method. You will need the password to access anyting in these folders, which the web broswer will prompt you for.

If what you're trying to do is keep sensitive scripts from prying eyes that you want to use within your site, then this isn't a good method, as you'll need that password in order to access the script. The best solution for this is what Psyche said: place the files in a folder that is outside of your web folder.

You include them into your page using the include_once() function. You have to also be sure you provide PHP with the path to your hidden folder. This can be done in the public folder's .htaccess file like this:

php_value include_path /home/mysite.com/inc

Then in your HTML page, you add at the top...

include_once('myscript.php');

myscript.php would be located in the /home/mysite.com/inc/ folder on your server.

Oh, yes, that's a whole different kettle of fish, and a lot more involved. I recommend you check some of the user notes for the header() function in the php.net site, which has some posts on doing exactly what you want: